redline | 680b9f5fe758d33fe29491c3b071d5b0cce2bc8d941382a58670b632a8f51eba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.PWS.RedLineNET.7.19291.11472.exe
Size

1.1MB
Sample

230821-pwr5jsee8v
MD5

a1726bf066aabd7f6a69a0cf33bbc080
SHA1

20044880fc0cad5e99da865c560d690c255a66fd
SHA256

680b9f5fe758d33fe29491c3b071d5b0cce2bc8d941382a58670b632a8f51eba
SHA512

5c3ff5053fcef7a10997830153c95eaa1b77a2d6ea898946c337633eed06241f58a3cee49b9f2826d864590b95369f91b6ad6dacf48995e1583325c2efc104ff
SSDEEP

24576:skd1/jg7PvqovaBlM+EIPeEUJqbamPCwwpz:skM7PvqoEM4prnC3

Score

10^/10

redline test infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

TEST

C2

46.149.77.25:8599

Attributes

auth_value
8bc44a2d180183251d176d7b20ad1f91

Targets

- Target
  
  SecuriteInfo.com.Trojan.PWS.RedLineNET.7.19291.11472.exe
- Size
  
  1.1MB
- MD5
  
  a1726bf066aabd7f6a69a0cf33bbc080
- SHA1
  
  20044880fc0cad5e99da865c560d690c255a66fd
- SHA256
  
  680b9f5fe758d33fe29491c3b071d5b0cce2bc8d941382a58670b632a8f51eba
- SHA512
  
  5c3ff5053fcef7a10997830153c95eaa1b77a2d6ea898946c337633eed06241f58a3cee49b9f2826d864590b95369f91b6ad6dacf48995e1583325c2efc104ff
- SSDEEP
  
  24576:skd1/jg7PvqovaBlM+EIPeEUJqbamPCwwpz:skM7PvqoEM4prnC3
Score

10^/10

redline test infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinetestinfostealerspyware

behavioral2

redlinetestinfostealerspyware